CVE-2024-20967 in MySQL Server
Summary
by MITRE • 01/17/2024
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 05/08/2025
The vulnerability identified as CVE-2024-20967 resides within the MySQL Server replication component, specifically affecting Oracle MySQL versions 8.0.35 and earlier, as well as 8.2.0 and prior. This flaw represents a significant security concern as it enables a high-privileged attacker with network access to compromise the targeted MySQL server instance. The vulnerability operates through multiple network protocols, expanding its attack surface and making it particularly dangerous in enterprise environments where MySQL servers are commonly deployed. The affected replication functionality suggests this issue could impact database consistency and availability across replicated database systems.
The technical nature of this vulnerability stems from inadequate input validation or processing within the server replication mechanisms, allowing malicious actors with elevated privileges to manipulate the replication process. The CVSS 3.1 score of 5.5 indicates a medium severity threat with specific impacts to integrity and availability, where the integrity impact is rated as low and availability as high. This scoring reflects the potential for attackers to cause complete denial of service conditions through hangs or repeated crashes, while also enabling unauthorized modification of data within the database system. The vulnerability's exploitability requires high privileges but not necessarily administrative access, making it particularly concerning for environments where privilege escalation might occur through other attack vectors.
From an operational perspective, successful exploitation of CVE-2024-20967 can result in catastrophic consequences for database availability and data integrity. The ability to cause complete denial of service through system hangs or crashes can severely impact business operations, particularly in mission-critical applications that rely on MySQL databases. Additionally, the unauthorized update, insert, or delete access capabilities mean that attackers can corrupt or modify sensitive data, potentially leading to data loss or manipulation that could affect financial records, customer information, or other critical business data. The replication component vulnerability is particularly dangerous because it can propagate malicious changes across replicated database instances, amplifying the impact of a single successful attack.
Organizations should implement immediate mitigations including applying the latest security patches from Oracle, which would address the specific replication vulnerability. Network segmentation and access controls should be strengthened to limit the attack surface, particularly restricting network access to MySQL servers. The principle of least privilege should be enforced, ensuring that only necessary network protocols and users have access to the replication functionality. Monitoring should be enhanced to detect unusual replication activity or patterns that might indicate exploitation attempts. This vulnerability aligns with CWE-200 (Information Exposure) and CWE-121 (Stack-based Buffer Overflow) categories, representing potential data exposure and system stability issues. From an ATT&CK framework perspective, this vulnerability maps to T1071.004 (Application Layer Protocol: DNS) and T1499.004 (Network Denial of Service) techniques, highlighting the multi-faceted nature of the threat. The vulnerability also relates to T1566 (Phishing) and T1068 (Local Privilege Escalation) as attackers might need to establish initial access before exploiting this replication-specific weakness, making comprehensive security measures essential for protection.